nestjs-keycloak-auth 1.0.4 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -63,6 +63,7 @@ KeycloakAuthModule.register({
63
63
  bearerOnly: true,
64
64
  policyEnforcement: PolicyEnforcementMode.PERMISSIVE, // optional
65
65
  tokenValidation: TokenValidation.ONLINE, // optional
66
+ backchannelLogoutTtlMs: 24 * 60 * 60 * 1000, // optional, defaults to 24 hours
66
67
  });
67
68
  ```
68
69
 
@@ -98,6 +99,7 @@ export class KeycloakConfigService implements KeycloakAuthOptionsFactory {
98
99
  bearerOnly: true,
99
100
  policyEnforcement: PolicyEnforcementMode.PERMISSIVE,
100
101
  tokenValidation: TokenValidation.ONLINE,
102
+ backchannelLogoutTtlMs: 24 * 60 * 60 * 1000,
101
103
  };
102
104
  }
103
105
  }
@@ -234,7 +236,7 @@ Here are the decorators you can use in your controllers.
234
236
 
235
237
  | Decorator | Description |
236
238
  | ------------------ | --------------------------------------------------------------------------------------------------------- |
237
- | @KeycloakUser | Retrieves the current Keycloak logged-in user. (must be per method, unless controller is request scoped.) |
239
+ | @AuthenticatedUser | Retrieves the current Keycloak logged-in user. (must be per method, unless controller is request scoped.) |
238
240
  | @AccessToken | Retrieves the access token used in the request |
239
241
  | @ResolvedScopes | Retrieves the resolved scopes (used in @ConditionalScopes) |
240
242
  | @EnforcerOptions | Keycloak enforcer options. |
@@ -352,6 +354,7 @@ Current test setup uses Jest + ts-jest and is configured to enforce 100% global
352
354
  | tokenValidation | Sets the token validation method | no | ONLINE |
353
355
  | multiTenant | Sets options for [multi-tenant configuration](#multi-tenant-configuration) | no | - |
354
356
  | roleMerge | Sets the merge mode for `@Roles` decorator | no | OVERRIDE |
357
+ | backchannelLogoutTtlMs | TTL for in-memory back-channel logout revocation entries in milliseconds | no | 86400000 |
355
358
 
356
359
  ### Common Keycloak Config Fields
357
360
 
@@ -1,5 +1,9 @@
1
1
  /**
2
- * Retrieves the current Keycloak logged-in user.
2
+ * Retrieves the current authenticated user from the request.
3
3
  * @since 1.5.0
4
4
  */
5
+ export declare const AuthenticatedUser: (...dataOrPipes: unknown[]) => ParameterDecorator;
6
+ /**
7
+ * @deprecated Use `AuthenticatedUser` instead.
8
+ */
5
9
  export declare const KeycloakUser: (...dataOrPipes: unknown[]) => ParameterDecorator;
@@ -1,13 +1,17 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.KeycloakUser = void 0;
3
+ exports.KeycloakUser = exports.AuthenticatedUser = void 0;
4
4
  const internal_util_1 = require("../internal.util");
5
5
  const common_1 = require("@nestjs/common");
6
6
  /**
7
- * Retrieves the current Keycloak logged-in user.
7
+ * Retrieves the current authenticated user from the request.
8
8
  * @since 1.5.0
9
9
  */
10
- exports.KeycloakUser = (0, common_1.createParamDecorator)((data, ctx) => {
10
+ exports.AuthenticatedUser = (0, common_1.createParamDecorator)((data, ctx) => {
11
11
  const [req] = (0, internal_util_1.extractRequest)(ctx);
12
12
  return req.user;
13
13
  });
14
+ /**
15
+ * @deprecated Use `AuthenticatedUser` instead.
16
+ */
17
+ exports.KeycloakUser = exports.AuthenticatedUser;
@@ -45,6 +45,11 @@ export interface NestKeycloakConfig {
45
45
  * Role merging options.
46
46
  */
47
47
  roleMerge?: RoleMerge;
48
+ /**
49
+ * TTL for in-memory back-channel logout revocation entries in milliseconds.
50
+ * Defaults to 24 hours.
51
+ */
52
+ backchannelLogoutTtlMs?: number;
48
53
  }
49
54
  /**
50
55
  * Keycloak Connect options.
@@ -1,3 +1,4 @@
1
+ import { KeycloakAuthConfig } from '../interface/keycloak-auth-options.interface';
1
2
  /**
2
3
  * In-memory store tracking revoked sessions and users from
3
4
  * OIDC back-channel logout tokens.
@@ -6,10 +7,13 @@
6
7
  * (default 24 hours) to prevent unbounded memory growth.
7
8
  */
8
9
  export declare class BackchannelLogoutService {
10
+ private readonly keycloakOpts;
9
11
  private readonly logger;
12
+ private static readonly DEFAULT_TTL_MS;
10
13
  private readonly revokedSessions;
11
14
  private readonly revokedUsers;
12
15
  private readonly ttlMs;
16
+ constructor(keycloakOpts: KeycloakAuthConfig);
13
17
  /**
14
18
  * Mark a session and/or user as revoked.
15
19
  * At least one of `sid` or `sub` must be provided.
@@ -27,4 +31,10 @@ export declare class BackchannelLogoutService {
27
31
  * Remove entries older than the TTL to prevent unbounded growth.
28
32
  */
29
33
  private cleanup;
34
+ /**
35
+ * Resolve the TTL for in-memory revocation entries.
36
+ * Uses `backchannelLogoutTtlMs` when configured with a valid positive number,
37
+ * otherwise falls back to the default 24-hour retention window.
38
+ */
39
+ private resolveTtlMs;
30
40
  }
@@ -5,9 +5,16 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
5
5
  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
6
  return c > 3 && r && Object.defineProperty(target, key, r), r;
7
7
  };
8
+ var __metadata = (this && this.__metadata) || function (k, v) {
9
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
+ };
11
+ var __param = (this && this.__param) || function (paramIndex, decorator) {
12
+ return function (target, key) { decorator(target, key, paramIndex); }
13
+ };
8
14
  var BackchannelLogoutService_1;
9
15
  Object.defineProperty(exports, "__esModule", { value: true });
10
16
  exports.BackchannelLogoutService = void 0;
17
+ const constants_1 = require("../constants");
11
18
  const common_1 = require("@nestjs/common");
12
19
  /**
13
20
  * In-memory store tracking revoked sessions and users from
@@ -17,11 +24,12 @@ const common_1 = require("@nestjs/common");
17
24
  * (default 24 hours) to prevent unbounded memory growth.
18
25
  */
19
26
  let BackchannelLogoutService = BackchannelLogoutService_1 = class BackchannelLogoutService {
20
- constructor() {
27
+ constructor(keycloakOpts) {
28
+ this.keycloakOpts = keycloakOpts;
21
29
  this.logger = new common_1.Logger(BackchannelLogoutService_1.name);
22
30
  this.revokedSessions = new Map(); // sid → revokedAt
23
31
  this.revokedUsers = new Map(); // sub → revokedAt
24
- this.ttlMs = 24 * 60 * 60 * 1000; // 24 hours
32
+ this.ttlMs = this.resolveTtlMs();
25
33
  }
26
34
  /**
27
35
  * Mark a session and/or user as revoked.
@@ -93,8 +101,25 @@ let BackchannelLogoutService = BackchannelLogoutService_1 = class BackchannelLog
93
101
  }
94
102
  }
95
103
  }
104
+ /**
105
+ * Resolve the TTL for in-memory revocation entries.
106
+ * Uses `backchannelLogoutTtlMs` when configured with a valid positive number,
107
+ * otherwise falls back to the default 24-hour retention window.
108
+ */
109
+ resolveTtlMs() {
110
+ const configuredTtl = this.keycloakOpts.backchannelLogoutTtlMs;
111
+ if (typeof configuredTtl === 'number' &&
112
+ Number.isFinite(configuredTtl) &&
113
+ configuredTtl > 0) {
114
+ return configuredTtl;
115
+ }
116
+ return BackchannelLogoutService_1.DEFAULT_TTL_MS;
117
+ }
96
118
  };
97
119
  exports.BackchannelLogoutService = BackchannelLogoutService;
120
+ BackchannelLogoutService.DEFAULT_TTL_MS = 24 * 60 * 60 * 1000;
98
121
  exports.BackchannelLogoutService = BackchannelLogoutService = BackchannelLogoutService_1 = __decorate([
99
- (0, common_1.Injectable)()
122
+ (0, common_1.Injectable)(),
123
+ __param(0, (0, common_1.Inject)(constants_1.KEYCLOAK_AUTH_OPTIONS)),
124
+ __metadata("design:paramtypes", [Object])
100
125
  ], BackchannelLogoutService);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nestjs-keycloak-auth",
3
- "version": "1.0.4",
3
+ "version": "1.1.0",
4
4
  "description": "Keycloak authentication and authorization module for NestJS",
5
5
  "author": "B. Joshua Adedigba",
6
6
  "contributors": [